File:  [LON-CAPA] / loncom / apachereload
Revision 1.4: download - view: text, annotated - select for diffs
Mon Oct 31 16:13:45 2005 UTC (18 years, 5 months ago) by albertel
Branches: MAIN
CVS tags: version_2_1_1, version_2_1_0, version_2_0_X, version_2_0_99_1, HEAD
- load the config files

    1: #!/usr/bin/perl
    2: # The Learning Online Network with CAPA
    3: #
    4: # apachereload - setuid script that reloads the apache daemon.
    5: #
    6: # $Id: apachereload,v 1.4 2005/10/31 16:13:45 albertel Exp $
    7: #
    8: # Copyright Michigan State University Board of Trustees
    9: #
   10: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
   11: #
   12: # LON-CAPA is free software; you can redistribute it and/or modify
   13: # it under the terms of the GNU General Public License as published by
   14: # the Free Software Foundation; either version 2 of the License, or 
   15: # (at your option) any later version.
   16: #
   17: # LON-CAPA is distributed in the hope that it will be useful,
   18: # but WITHOUT ANY WARRANTY; without even the implied warranty of
   19: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   20: # GNU General Public License for more details.
   21: #
   22: # You should have received a copy of the GNU General Public License
   23: # along with LON-CAPA; if not, write to the Free Software
   24: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   25: #
   26: # /home/httpd/html/adm/gpl.txt
   27: #
   28: # http://www.lon-capa.org/
   29: #
   30: 
   31: 
   32: use strict;
   33: #
   34: #  This script is a setuid script that must be run as user www
   35: #  it effectively just executes /etc/init.d/httpd reload.
   36: #  causing the apache daemon to get HUP'd.  The script is
   37: #  run by lond after re-initing it's host information.
   38: 
   39: $ENV{'PATH'}='/bin:/usr/bin:/usr/local/sbin:/home/httpd/perl'; # Nullify path
   40:                                                                # information
   41: delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints
   42: 
   43: my $command = "/etc/init.d/httpd reload";
   44: 
   45: use lib '/home/httpd/lib/perl/';
   46: use LONCAPA::Configuration;
   47: my %perlvar= %{&LONCAPA::Configuration::read_conf('loncapa.conf')};
   48: 
   49: my $dist=`$perlvar{'lonDaemons'}/distprobe`;
   50: if ($dist =~ /^(suse|sles)/) {
   51:     $command = "/etc/init.d/apache reload";
   52: }
   53: # Do not print error messages
   54: my $noprint=1;
   55: 
   56: print "In apachereload" unless $noprint;
   57: 
   58: # ----------------------------- Make sure this process is running from user=www
   59: my $wwwid=getpwnam('www');
   60: &disable_root_capability;
   61: if ($wwwid!=$>) {
   62:     print("User ID mismatch.  This program must be run as user 'www'\n")
   63: 	unless $noprint;
   64:     exit 1;
   65: }
   66: 
   67: # ----------------------------------- Start running script with www permissions
   68: &disable_root_capability;
   69: 
   70: # --------------------------- Handle case of another apachereload process (locking)
   71: unless (&try_to_lock('/tmp/lock_apachereload')) {
   72:     print "Error. Too many other simultaneous password change requests being ".
   73: 	"made.\n" unless $noprint;
   74:     exit 4;
   75: }
   76: 
   77: 
   78: &enable_root_capability;
   79: ($>,$<)=(0,0);
   80: 
   81: 
   82: #  Now run the reload:
   83: #
   84: 
   85: system($command);
   86: 
   87: #  Remove the lock file.
   88: 
   89: 
   90: 
   91: &disable_root_capability;
   92: unlink('/tmp/lock_apachereload');
   93: exit 0;
   94: 
   95: # ---------------------------------------------- have setuid script run as root
   96: sub enable_root_capability {
   97:     if ($wwwid==$>) {
   98: 	($<,$>)=($>,0);
   99: 	($(,$))=($),0);
  100:     }
  101:     else {
  102: 	# root capability is already enabled
  103:     }
  104:     return $>;
  105: }
  106: 
  107: # ----------------------------------------------- have setuid script run as www
  108: sub disable_root_capability {
  109:     if ($wwwid==$<) {
  110: 	($<,$>)=($>,$<);
  111: 	($(,$))=($),$();
  112:     }
  113:     else {
  114: 	# root capability is already disabled
  115:     }
  116: }
  117: 
  118: # ----------------------- make sure that another apachereload process isn't running
  119: sub try_to_lock {
  120:     my ($lockfile)=@_;
  121:     my $currentpid;
  122:     my $lastpid;
  123:     # Do not manipulate lock file as root
  124:     if ($>==0) {
  125: 	return 0;
  126:     }
  127:     # Try to generate lock file.
  128:     # Wait 3 seconds.  If same process id is in
  129:     # lock file, then assume lock file is stale, and
  130:     # go ahead.  If process id's fluctuate, try
  131:     # for a maximum of 10 times.
  132:     for (0..10) {
  133: 	if (-e $lockfile) {
  134: 	    open(LOCK,"<$lockfile");
  135: 	    $currentpid=<LOCK>;
  136: 	    close LOCK;
  137: 	    if ($currentpid==$lastpid) {
  138: 		last;
  139: 	    }
  140: 	    sleep 3;
  141: 	    $lastpid=$currentpid;
  142: 	}
  143: 	else {
  144: 	    last;
  145: 	}
  146: 	if ($_==10) {
  147: 	    return 0;
  148: 	}
  149:     }
  150:     open(LOCK,">$lockfile");
  151:     print LOCK $$;
  152:     close LOCK;
  153:     return 1;
  154: }
  155: 
  156: =head1 NAME
  157: 
  158: apachereload -setuid script to reload the apache web server.
  159: 
  160: =head1 DESCRIPTION
  161: 
  162: LON-CAPA - setuid script to reload the apache web server.
  163: 
  164: =head1 README
  165: 
  166: LON-CAPA  setuid script to reload the apache web server.
  167: 
  168: =head1 PREREQUISITES
  169: 
  170: =head1 COREQUISITES
  171: 
  172: =pod OSNAMES
  173: 
  174: linux
  175: 
  176: =pod SCRIPT CATEGORIES
  177: 
  178: LONCAPA/Administrative
  179: 
  180: =cut

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>